Out Of The Dark – Snippet 15

General Thomas Sutcliffe, Commanding Officer, United States Strategic Command, looked up with a quizzical expression as Major General Yolanda O’Higgins stepped into his office. O’Higgins was a Marine, and under normal circumstances, she took the Marines’ institutional fetish for sharpness of personal appearance to unparalleled heights. It helped in that regard that she was a naturally precise, organized person — the sort who seldom had to scramble dealing with problems because she usually saw them coming well in advance. It also helped that she was probably one of the three or four smartest people Sutcliffe (who held multiple doctorates of his own) had ever met. She’d established her bona fides in Marine aviation when that wasn’t the sort of duty women normally drew, and played a major role in formulating the Corps’ input into the F-35 joint strike fighter, but her true strength lay in an incisive intellect and a pronounced ability to think “outside the box.” She was also widely acknowledged as one of the U.S. military’s foremost experts on cybernetics and information warfare, which was why she currently headed the Joint Functional Component Command-Network Warfare.

JFCC- NW, one of four joint functional component commands over which USSTRATCOM exercised command authority, was responsible for “facilitating cooperative engagement with other national entities” in computer network defense and offensive information warfare. Sutcliffe, despite his own impressive technical education, recognized that he wasn’t in O’Higgins’ stratospheric league when it came to issues of cyber warfare. In fact, he tended to think of her as the übergeek of übergeeks, and he accorded her all the respect to which an inscrutable wizard was entitled.

Despite which, he was surprised to see her in his office this morning. She was normally punctilious about scheduling meetings, and even if that hadn’t been the case, getting past Major Jeff Bradley, Sutcliffe’s aide, unannounced wasn’t exactly the easiest thing to do.

“And good morning to you, Yolanda,” he said mildly. “Excuse me, but did Jeff forget to tell me we had a meeting scheduled for today?”

“No, Sir, I’m afraid he didn’t.”

“I didn’t think so.” Sutcliffe cocked his head to one side. “On the other hand, you’re not exactly the sort to come bursting in unannounced on a whim. So what does bring you here this morning?”

“Hit?” Sutcliffe’s chair came fully upright as he leaned forward over his desk. “You mean a cyber attack?”

“Sir, I mean a fucking cyber massacre,” O’Higgins said even more flatly, and Sutcliffe’s eyes narrowed. The major general’s mahogany complexion wasn’t exactly suited to paling, but Yolanda O’Higgins very, very seldom used that kind of language.

“How bad?” he asked tersely.

“We’re really only starting to sort out the details, Sir. It’ll be a while before we know how deep they actually got, but they blew right through our perimeter firewalls without even slowing down. And it was across the board. DIA, Homeland Security, CIA, FBI — they hit all of us simultaneously, Sir.”

O’Higgins might not be equipped to blanch, but Sutcliffe felt the color draining out of his own face. He stared at her for a long, frozen moment, then reached for the phone.

***

“So how bad is it? That’s the bottom- line question,” President Harriet Palmer said, letting her gaze circle the faces of the men and women seated around the table.

There was silence for a moment, then General Koslow, the Chief of the Joint Chiefs of Staff, cleared his throat.

“I think General Sutcliffe’s probably the best person to answer that question, Madam President. His people at StratCom were the first to realize what was happening.”

Koslow nodded across the table to Sutcliffe, and the president turned to him.

“Well, General Sutcliffe?”

“Madam President, the short answer to your question is that it’s pretty damn bad,” he said frankly. “I assume you don’t want the technical details?”

“You assume correctly, General.” Palmer showed her teeth in a tight smile. If Sutcliffe’s language bothered her, she showed no sign of it. Of course, she’d been known to let slip the occasional “pithy phrase” herself upon occasion .”I came up through state government, not MIT.”

“Yes, Ma’am.” Sutcliffe nodded. “In that case, the best way to put it is that as nearly as we can tell someone penetrated somewhere around eighty percent of our secure databases before we managed to cut off access and isolate ourselves from the net.”

“Eighty percent?” Palmer stared at him in disbelief.

“Yes, Ma’am,” he said unflinchingly. “Somewhere around that.”

“How?” Palmer demanded. She shook her head. “I may have come up through government, not computer science, but I was under the impression we had the best security systems in the world!”

“So far as we know, Madam President, we do. But no security is perfect, and this apparently used a Trojan of an entirely novel design. We don’t have any idea where it came from, and the penetration itself was an incredibly sophisticated, coordinated attack which included some brute-force key crunching that… well, let’s just say no one on our side ever saw it coming. Or even thought it was possible for that matter! And it came at every one of our systems simultaneously — timed to the second — through better than a thousand lower-level systems.” He shook his head. “In that respect, all I can say is that it’s light-years beyond anything we’ve ever seen before. Our people are still backtracking, trying to figure out exactly what they did to us. At this moment, though, nobody’s got a clue how this could have been put together — how so many lower-level systems could have been penetrated — without anybody’s intrusion detection software seeing it coming.”

“Who did it?” Palmer asked flatly. “Do we at least know that much?”

“At this time,” Sutcliffe said in the tone of the man who’d rather be facing a firing squad, “all indications are that it came out of Iran, Madam President.”

“Iran?” If Palmer had been shocked by the degree of penetration, that was nothing compared to her shock at learning the source of the attack. “You mean those lunatics in Tehran managed this? Is that what you’re telling me, General Sutcliffe?”

“We’ve backtracked the attack to a coffee house not far from the Iranian Ministry of Defense’s central office in Tehran, Madam President. As far as we can tell, that’s where it originated.”

“Sweet Jesus,” the president said softly, and it was a prayer, not a blasphemy. She sat looking at Sutcliffe for several seconds, then swiveled her head to where the Secretary of Homeland Security sat flanked by the directors of the CIA and FBI and facing the Secretary of Defense across the table.

“Frank?” she said.

“Harriet,” Frank Gutierrez said, “we don’t know.” Gutierrez , the only person present who habitually addressed the president by her first name, had known Palmer for the better part of thirty years, which was how he’d come to be picked to head Homeland Security. “Our own computer people tell us the same thing General Sutcliffe’s people are telling him. Hell, for that matter, most of ‘our’ computer people are also ‘his’ computer people! None of them have ever seen anything like this, and all of them agree — all of them, Harriet — that it came out of Tehran.”

Palmer nodded slowly, her face ashen. No one had to tell her how disastrous this could prove. The sheer amount of information which had been compromised was horrifying to contemplate. Having that information in the hands of what were probably the United States’ most bitter enemies only made it still worse. Just thinking about what the Iranian régime could do with that sort of look inside the United States’ intelligence networks, that kind of fix on CIA’s chains of agents all around the world, was enough to make her physically ill. And that didn’t even consider….

“Do you think this had anything to do with Sunflower?” she asked.

“There’s no way to be certain either way,” Gutierrez said. “On the other hand, given the source of the attack, I don’t think we can afford to assume it didn’t. In addition….”

It was Gutierrez’ turn to pause and draw a deep breath.

“In addition,” he resumed a moment later, “we have some indications — they’re very preliminary, and none have been confirmed as yet, you understand — that we’re not the only ones who got hit. Everyone seems to be playing it close to his or her vest at the moment, but I’ve had some strange inquiries from my French and British counterparts. We’re stonewalling for right now — I told my people we might have something to say, to our friends, at least, after this meeting — but from what they’re asking, either they got hit themselves or else they know we got hit and want to know how badly.”

Palmer’s nostrils flared. “Sunflower” was the innocuous computer–generated code name Homeland Security’s analysts had assigned to a rumored Iranian operation. The various intelligence services had all been catching hints about it over the last couple of years, although they’d managed to keep anyone outside the intelligence community from getting wind of them… so far, at least.

Unfortunately, the president had a sick feeling that might be about to change.

The increasingly isolated Iranian hardliners had never wavered in their hatred for all things Western and, in particular, for the United States of America and the State of Israel. And it would appear that Western estimates of how long it would take them to produce nuclear weapons had been overly optimistic. In fact, they’d officially scheduled their first stationary nuclear weapons test for “year’s end.” That was elastic enough to give them some wiggle room in the face of unexpected problems, and most experts expected their first weapons to be relatively low in yield and large in size, which would make delivering them difficult. According to the experts, making one small enough to fit into a missile with their current technology would be a challenge, and judging by their ongoing missile tests, their accuracy would probably be less than pinpoint even after they did. On the other hand, the “experts” had been wrong before, and once any capability existed, it could always be improved upon.

That was bad enough; worse were the persistent rumors that they’d managed to “acquire” a handful of ex- Soviet tactical warheads from rogue elements within the Russian Federation before it reluctantly cut its ties with Tehran. The Russians, predictably, denied that it could possibly have happened, but Moscow’s assurances had been remarkably cold comfort under the circumstances to the West. Especially since the Iranian Supreme Leader had openly stated that it was past time the “Great Satan” received another blow like the September 11 attacks or the 2012 Chicago subway sarin attack.

There was no way to be certain whether or not he meant it, but the Iranians had made no real effort to conceal the upsurge in the quantities of military hardware being provided to the insurgents in Afghanistan. Or, for that matter, their redoubled efforts to destabilize Iraq or the increasing sophistication of the weapons they were providing to Hamas for use against Israel. They routinely denied they were doing anything of the sort, of course, but it was the sort of denial intended to be recognized as a lie when it was issued. Under the circumstances, “Sunflower” — the delivery to a major American airport of one of those ex-Soviet tactical devices the Iranians didn’t have aboard a third-party commercial airliner — had to be taken seriously. And now this….

“All right,” Palmer said. “We’re going to operate on the assumption that it was the Iranians. And we’re further going to assume that they launched this attack in order to gain information to facilitate Sunflower. That they were looking for vulnerabilities — and possibly not just on our side of the pond — they could exploit to slip Sunflower through our defenses. I’m not saying we should absolutely close our minds to the possibility that it could have been someone else. In fact, I want that possibility explored aggressively. But at this moment, assuming it wasn’t Iran if it actually was could be disastrous.”

She looked around at her advisers once more, aware as never before that they were just that — advisers — and that the ultimate decision, and responsibility, was hers. Then her eyes focused on Harrison Li, the Secretary of Defense.

“Harry, you, Frank, and General Koslow will operate on the assumption that Sunflower is a reality and the clock is ticking. For all we know, there’s a nuke already airborne right this moment, headed for New York or Atlanta or Los Angeles. We need to find it and stop it, and we need to do it in a way that doesn’t create a national panic. God only knows what would happen — how many people might get trampled in the crush — if we ordered an immediate evacuation of every possible target!”

The stillness in the conference room was very nearly absolute.

“I know we’ve got cover plans in place to ramp up aircraft inspections without telling anyone we’re looking for an actual nuclear device,” she continued. “I want those plans activated, and I think it’s time we had an ‘unscheduled’ drill here in the States to test our terrorist response plans. Get that laid on immediately… and figure out a way to extend our ‘drill’s’ duration. Let’s get as many of our first responders mobilized and keep them there as long as we can without going public about Sunflower.

“In the meantime, we need to find out if our allies did get hit, or if it was just us. I’ll personally call the British and Canadian prime ministers and the French president, tell them what’s happened, and ask them frankly if the same thing’s happened to one or more of them. General Sutcliffe, I’ll want you and your people available to talk to their people about the technical aspects, but if this is a prelude to Sunflower, we might not be the only targets, and that means we have to bring the others onboard about this ASAP, for their own protection as well as our own.

“For obvious reasons, though, we’ll operate on the assumption that we’re the target — or at least the primary target — and act accordingly. In addition to our Homeland Security exercises, I want all CONUS air defenses on high alert, too. And I want our air defense plans modified on the assumption that the people coming after us have now gained access to our existing plans. I know there’s a limit to how they can be adjusted, but I can’t believe anyone would go after this kind of information without some plan to use it. From what your tech experts seem to be saying, the people who launched this attack have to have been pretty damned confident they’d get through — that they’d take us by surprise, the first time at least — but they have to have realized we’ll beef up our defenses to keep them from doing it again. So if this is the first step in an active attack on one of our cities, they wouldn’t have gone after our computers any sooner than they figured they had to. They wouldn’t want to give us any more time to react and adjust than they absolutely had to.”